Engineering & Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Flickr: The First and Last Great Photo Platform
17 points, 2 comments on Hacker News
Forge
Comments
OpenAI: Workspace Agents for Business
15 points, 2 comments on Hacker News
Website streamed live directly from a model
122 points, 46 comments on Hacker News
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to overwrite existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official release. The
Coding Models Are Doing Too Much
76 points, 31 comments on Hacker News
Workspace Agents in ChatGPT
21 points, 5 comments on Hacker News
Parallel Agents in Zed
42 points, 12 comments on Hacker News
We found a stable Firefox identifier linking all your private Tor identities
381 points, 107 comments on Hacker News
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of an ICP canister to exfiltrate the stolen data
Surveillance Pricing: Exploiting Information Asymmetries
19 points, 5 comments on Hacker News
Anker made its own chip to bring AI to all its products
29 points, 8 comments on Hacker News. Article URL: https://www.theverge.com/tech/916463/anker-thus-chip-announcement; Comments URL: https://news.ycombinator.com/item?id=47866368
PCR is a surprisingly near-optimal technology
47 points, 6 comments on Hacker News
The Joy of Folding Bikes
69 points, 40 comments on Hacker News
Startups Brag They Spend More Money on AI Than Human Employees
39 points, 31 comments on Hacker News. Article URL: https://www.404media.co/startups-brag-they-spend-more-money-on-ai-than-human-employees/; Comments URL: https://news.ycombinator.com/item?id=47865923
Alberta startup sells no-tech tractors for half price
500 points, 180 comments on Hacker News
Show HN: Agent Vault – Open-source credential proxy and vault for agents
58 points, 17 comments on Hacker News
Martin Fowler: Technical, Cognitive, and Intent Debt
68 points, 13 comments on Hacker News
Technical, cognitive, and intent debt
182 points, 42 comments on Hacker News
Show HN: Broccoli, one shot coding agent on the cloud
Hi HN — we built Broccoli, an open-source harness for taking coding tasks from Linear, running them in isolated cloud sandboxes, and opening PRs for a human to review. We’re a small team, and our main company supplies voice data. But we kept running into the same problem with coding agents. We’d have a feature request, a refactor, a bug, and some internal tooling work all happening at once, and managing that through local agent sessions meant a lot of context switching, worktree juggling, and laptops left open just so tasks could keep running. So we built Broccoli. Each task gets its own cloud sandbox to be executed end to end independently. Broccoli checks out the repo, uses the context in the ticket, works through an implementation, runs tests and review loops, and opens a PR for someone on the team to inspect. Over the last four weeks, 100% of the PRs from non-developers are shipped via Broccoli, which is a safer and more efficient route. For developers on the team, this share is
Youth Suicides Declined After Creation of National Hotline
106 points, 53 comments on Hacker News
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. "The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses," the Symantec and Carbon Black Threat Hunter
Ping-pong robot beats top-level human players
59 points, 64 comments on Hacker News
Using LLMs to find Python C-extension bugs
Comments
Making ChatGPT better for clinicians
OpenAI makes ChatGPT for Clinicians free for verified U.S. physicians, nurse practitioners, and pharmacists, supporting clinical care, documentation, and research.
DuckDB 1.5.2 – SQL database that runs on laptop, server, in the browser
88 points, 25 comments on Hacker News. Article URL: https://duckdb.org/2026/04/13/announcing-duckdb-152; Comments URL: https://news.ycombinator.com/item?id=47864454
Scoring Show HN submissions for AI design patterns
223 points, 173 comments on Hacker News
Iliad fragment found in Roman-era mummy
83 points, 21 comments on Hacker News
The Edge of Safe Rust
Comments
1-Bit Hokusai's "The Great Wave" (2023)
356 points, 65 comments on Hacker News
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles